Curiosity is the main drive behind the question. I've always seen it said
that it's not possible, but for some reason in my mind, that couldn't have
been the whole story, otherwise as I mentioned in my initial post, I wouldn't
be typing this email.
I simply find the internals of the NT OS and its design to be utterly
fascinating. I'm still trying to wrap my mind around the asynchronicity
of the Windows kernel, how it doesn't use the simple call stack structure like,
um, other SYNCHRONOUS OSes, but rather a whole new concept (to me) of
maintaining function call state that lends itself to an asynchronous nature
rather easily as well as facilitating making *everything* pre-emptable from day
one, unlike that OTHER SYNCHRONOUS OS.
If anyone can recommend any good books on the OS internals besides Russinovich's
Windows Internals v4 and the Nebbett book on NT syscalls, I'd much appreciate it.
Asa
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Egemen Tas
Sent: Saturday, March 05, 2005 1:37 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Creating Processes
It is quite possible!
By using lots of undocumented techniques, you can create a user process from
a kernel mode driver if you know what to do and how to deal with the internals
of NT.
But the point is, why would such a requirement ever be needed? If this is the
case, a revision of such a poor specification is required!
I can't see any legitimate reason for doing so except for writing better (or worse)
rootkits.
Egemen Tas
-------Original Message-------
From: Asa Yeamans
Date: 03/05/05 10:42:55
To: Windows System Software Devs Interest List
Subject: [ntdev] Creating Processes
I've often seen on this list that a kernel mode driver can't create a process,
that a user-mode helper service is required. Now, point out to me if my logic
is flawed, but if kernel mode components can't create user mode processes,
then by that statement alone SMSS shouldn't start, and if that doesn't start,
well then I'm not typing this message into Outlook right now. Obviously, that's
not the case, so what is the reason that kernel mode drivers can't create
processes?
Is it because they won't be registered with CSRSS and hence won't have any access
to the Win32 APIs, or is it something else entirely?
Asa
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com